As seen in the Boston Business Journal
The majority of business owners believe that an audit is a fraud prevention tool. If you were to ask business investors if they have ever read an audit report, or if they understand that the financial statements are a representation of management, you will likely be met with even more misconceptions about the auditor’s role.
Court records show numerous instances of fraud alleged by investors where the plaintiffs are accountants. As a consequence, malpractice insurance rates for CPA firms have skyrocketed, as the issuance of financial statements by an accounting firm is often misconstrued for an auditor taking responsibility for any fraud that may exist in an organization. All of the beliefs above could not be further from the truth.
The fact is that fraud exists, or has the potential to exist, in every organization, and is more readily perpetuated through a system of inadequate internal controls. During a financial statement audit, the auditors consider a company’s internal controls for purposes of designing audit tests, not for expressing an opinion on the effectiveness of the entity’s internal controls. Fraud within an organization tends to follow similar patterns in its evolution and discovery. What is evident in every circumstance, however, is that there is no such thing as a small fraud; a small fraud is merely a large fraud that was caught early.
According to the ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse, it is estimated that the typical organization will lose 5 percent of revenues in a year as a result of fraud. The most typical fraud schemes include billing and check tampering schemes.
From what Citrin Cooperman has witnessed, detected, or suspected, fraud tends to follow a similar pattern: a business owner or a member of a company’s accounting department begins to suspect that something doesn’t seem right; financially, profits may be high on paper, but cash flow is unusually tight; levels of scrapped inventory are increasing at alarming rates; or customers are calling about receiving statements showing outstanding invoices which they have already paid.
When discovered on an individual basis, these factors may invoke questions, but when considered together, the results can be more damaging than originally suspected.
American criminologist Donald Cressey developed a well-known theory called the fraud triangle, which posits that there are typically three factors that lead to fraud and unethical behavior — pressure, opportunity, and rationalization. There is not much that can be done about pressure and rationalization, but business owners can control the opportunity factor by implementing strong systems of internal control designed to prevent and detect fraud and error.
The first step in preventing a fraud opportunity is for business owners to realize that they themselves, not their auditors, are integral to the company’s system of internal control.
Typical controls that owners are, or should be, responsible for include the following:
Business owners should regularly review their systems of internal control to ensure that not only are they in place, but that they’re operational. A comprehensively-designed system of internal control in a state of failure is just as ineffective as not having a system at all.
Internal control across organizations vary depending upon the size and complexity of the organization. The intent of a strong system remains constant — to prevent the opportunity that an individual within your organization could manage to perpetuate fraud while assuring owners that the financial information that they use to make decisions is accurate.
While an audit can uncover instances of internal control weaknesses, the entire organization is better equipped for success with a strong system of internal control supported by and enforced by the owners of the organization.